EMA Blog: Business Intelligence and IT Management

If you think that ITSM is static and old hat, think twice. A huge number of innovations are just emerging—some have been a long time in coming; while others are unexpected surprises—as analytics and automation are changing the ITSM game dramatically. Here are some trends that I’ve seen in 2014 that I expect will grow [...]

Reflecting on my earlier career in IT management, I have to confess to a level of astonishment at how naïve IT administrative practices were just a decade or two ago. Failure events were common, and most organizations just accepted as immutable fact the reality of systemic firefighting. IT services critical to business operations were all too often held together with little more than a hope and a prayer. Sure, my colleagues and I were acutely aware of the importance of performing “root cause analysis” and implementing proactive management practices, but who had the time for that? The inevitability of business pressures, support limitations, and time constraints most often contributed to sustaining a mantra of “just get it working and move on!”

Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.

When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to “move their programs to the next level,” and some, I think, attempted it just to prove they did it. Many of those efforts were monumental, costing millions of dollars and taking years to complete. However, a significant number seemed to end in compromise, yielding a smaller end result or totally failing after thousands of man hours and millions of dollars for software, systems, and consulting had been spent.

There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various methods from manual card data copying and shoulder surfing, to database compromise and POS terminal malware.  Cards can be reproduced with off-the-shelf plastic blanks and a simple machine you can buy on the Internet.

The Cloud Security Alliance (CSA) is a not-for-profit think tank of volunteers that spend their time trying to better the internet. These people are the antithesis of cybercriminals; they spend their energy trying to figure out ways to make our data safer. They create best practices for providing security assurance within cloud computing, or in this case, they determine how a cloud environment can be used to enhance and scale authentication for a service that can be cloud-based or private data center-based.

This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech industry, spelunking, or the act of exploring caves, may come to mind. The theme of the conference was not cave exploration, but data exploration; however, the analogy of cave exploration actually aligns very well. “Splunkers” are diving into their data, delving deep into places that many have never explored before. Each of them finding new and cool ways to use the data that they have been collecting for years, just-in-case they ever needed it.

A little over a year ago, I got into a rather animated argument about whether IT could measure its performance by the “value” it delivered rather than by purely measuring “costs.” My dinner companion insisted that IT could now, always, and forever only be measured on costs. I disagreed. In fact I had just planned [...]

If you are an IT manager, have you ever found yourself stuck in the uncomfortable position of having to choose which jobs are given priority access to essential computing resources? Most likely you have as this is not an uncommon problem. Expecting them to invoke the Wisdom of Solomon, enterprises often bestow the power to decide the workload hierarchy on IT operations. But as most IT managers will tell you, this responsibility is typically more of a curse than a blessing.